News:

• [03/2021] XSSer code: "The HiV€!" ( rev 1.8.4 ) has been released...


• [03/2021] Sources: (code) (mirror1) (mirror2)

Introduction:

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

----------

XSSer has pre-installed [ > 1300 ] XSS attacking/fuzzing vectors and can bypass-exploit code on several browsers/WAFs:

- [PHPIDS]: PHP-IDS
- [Imperva]: Imperva Incapsula WAF
- [WebKnight]: WebKnight WAF
- [F5]: F5 Big IP WAF
- [Barracuda]: Barracuda WAF
- [ModSec]: Mod-Security
- [QuickDF]: QuickDefense
- [Sucuri]: SucuriWAF
- [Chrome]: Google Chrome
- [IE]: Internet Explorer
- [FF]: Mozilla's Gecko rendering engine, used by Firefox/Iceweasel
- [NS-IE]: Netscape in IE rendering engine mode
- [NS-G]: Netscape in the Gecko rendering engine mode
- [Opera]: Opera Browser

Current version:

Download:

• Snapshot (.tar.gz): XSSer v1.8-3.tar.gz | Torrent (.tar.gz): XSSer v1.8-3.tar.gz.torrent


• wget https://xsser.03c8.net/xsser/xsser_1.8-3.tar.gz
tar xf xsser_1.8-3.tar.gz
cd xsser
sudo python setup.py install
./xsser -h
./xsser --gtk (for gui)


• Snapshot (.zip): XSSer v1.8-3.zip | Torrent (.zip): XSSer v1.8-3.zip.torrent


• CHECKSUMS: MD5

---

Captures:

URL/Hash Generation Schema: +Zoom	Shell: +Zoom	Manifesto: +Zoom
Configuration: +Zoom	Bypassers: +Zoom	GeoMap: +Zoom
[HTTP GET] [LOCAL] Reverse Exploit: +Zoom	[HTTP POST] [REMOTE] Reverse Exploit: +Zoom	[XSS DOM] Exploit: +Zoom

---

Documentation:

• 2012 at RootedCon | [ Slides: "XSSer - The Cross Site Scripting framework": Spanish ] - [ Video: Spanish ]
  
• 2011 at THSF'11 | [ Slides: "XSSer - The Mosquito": English ]
  
• 2009 at Cyberspace | [ Paper: "XSS for fun and profit": English | Spanish ]
  

---

Installation:

XSSer runs on many platforms. It requires Python (3.x.y) and the following libraries:

• python3-pycurl - Python bindings to libcurl (Python 3)
• python3-bs4 - error-tolerant HTML parser for Python 3
• python3-geoip - Python3 bindings for the GeoIP IP-to-country resolver library
• python3-gi - Python 3 bindings for gobject-introspection libraries
• python3-cairocffi - cffi-based cairo bindings for Python (Python3)
• python3-selenium - Python3 bindings for Selenium
• firefoxdriver - Firefox WebDriver support

You can automatically get all required libraries using (as root):

sudo python setup.py install (or sudo python3 setup.py install)

For manual installation on Debian-based systems (ex: Ubuntu), run:

sudo apt-get install python3-pycurl python3-bs4 python3-geoip python3-cairocffi python3-selenium firefoxdriver

On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run:

sudo pip3 install pycurl bs4 pygeoip gobject cairocffi selenium

---

Source Code:

Xsser can be cloned from different code repositories. This option is a good idea if you want to [ --update ] automatically the tool, every some time.

• Official:

https://code.03c8.net/epsylon/xsser

ex: git clone https://code.03c8.net/epsylon/xsser

• Mirror:

https://github.com/epsylon/xsser

ex: git clone https://github.com/epsylon/xsser

---

Packages:

XSSer v1.8.3: "The HiV€!" :

• Download (.zip): XSSer v1.8-3.zip - (.tar.gz): XSSer v1.8-3.tar.gz


• Torrents (.tar.gz): XSSer v1.8-3.tar.gz.torrent - (.zip): XSSer v1.8-3.zip.torrent


• Ubuntu/Debian (all) package: xsser_1.8.3_all.deb

wget https://xsser.03c8.net/xsser/xsser_1.8.3_all.deb
sudo dpkg -i xsser_1.8.3_all.deb
xsser -h
xsser --gtk (for gui)

---------------------

XSSer v1.8.2: "The Hiv3 (beta)!" -> * XSSer is ported to Python3:

• Download (.zip): XSSer v1.8-2.zip


• Ubuntu/Debian (all) package: xsser_1.8.2_all.deb

---------------------

XSSer v1.7.2b: "ZiKA-47 Swarm!":

• Download (.tar.gz): XSSer v1.7-2.tar.gz


• • Ubuntu/Debian package: xsser_1.7-1_amd64.deb

---------------------

XSSer v1.6: "Grey Swarm!":

• Download (.tar.gz): XSSer v1.6-1.tar.gz


• • RPM package: XSSer-1.6-1.noarch.rpm
  
  
  • Ubuntu/Debian package: XSSer-1.6_all.deb

---------------------

XSSer v1.5: "Swarm Edition!":

• Ubuntu/Debian: xsser_1.5-1_all.deb.tar.gz

---------------------

XSSer v1.0: "The mosquito":

• Ubuntu/Debian: xsser_1.0-2_all.deb.tar.gz

---

License:

XSSer is released under the terms of the General Public License v3 and is copyrighted by psy.

---

Support:

This framework is actively looking for new sponsors and funding. If you or your organization has an interest in keeping XSSer, please contact directly.

• XSSer has been one of the winner projects of the NLnet Awards of April (2010)
• XSSer has been added to BackTrack Linux (2010)
• XSSer has been added to OWASP project (2012)
• XSSer has been added to Cyborg Linux (2015)
• XSSer has been added to Kali Linux (2016)
• XSSer has been added to BlackArch (2016)
• [ ... ]

For donations:

• Bictoin (BTC): [19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw ]
• Ecoin (ECO): [ETsRCBzaMawx3isvb5svX7tAukLdUFHKze ]